Tell HN: A new Nginx 0-day just dropped We (Nebula Security) just dropped a nginx remote code execution 0-day. This vulnerability affect dozens of fortune 500 companies and we disclosed to nginx team immediately. This 0-day is the third nginx bug that receives "major" rating since 2014. (https://x.com/nebusecurity/status/2067623683427045541) To check if your server is impacted:
Immediate action:
Shameless plug: this is the second nginx RCE 0-day we found in a month, using our security agent VEGA. (see our first nginx RCE at https://x.com/nebusecurity/status/2057071579876753643). We'll be doing an HN launch, but wanted to get the word out about this RCE sooner.In the meantime, if you are interesting in trying VEGA on your codebase, reach out at etenz@nebusec.ai. |